instead of notifying the postmaster, can you sent the notify to a group alias and
setup more than one person to receive the postmaster message? That way more people
will get the message to assist the person with the virus...
just a thought... bob
On Tuesday, August 7, 2001 5:02 PM, David
Hi,
Just wondering, is there a way to have imail rules inacted before Declude does?
The reason I ask is it would be nice to have the H a h a h a S e x y Fun
virus not have e-mails sent to the sender or recipient, and just be
trashed.
Any ideas?
bob
This E-mail came from the Declude.Virus
so what about a change to declude so that certain viruses (or subjects, whatever)
would get passed through to rules?
On Wednesday, August 22, 2001 12:02 PM, R. Scott Perry [EMAIL PROTECTED] wrote:
Just wondering, is there a way to have imail rules inacted before Declude
does?
The reason I
So if you use the banext, the mail is not delivered if the attachment matches the
extension but there is no notification at all?
example
banext scr
I get a message that has an scr attachment but not a virus. The message is not
delivered and there is no notification as to the non-delivery?
I changed lists to declude as it's more relevant.
the auto update is nice but IMO the scheduled bat file is nicer. I slightly modified
the ftp script to include a dir list of the *.def files before and after getting the
updated files. The info is e-mailed to me in the script.
that way, I
Is there a way in the BANnotify.eml file to add the body of the offending message to
this eml file?
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL
As usual, thanks for the info Scott!!! I like the sounds of a %MESSAGETEXT%
variable...
On Wednesday, February 20, 2002 4:15 PM, R. Scott Perry [EMAIL PROTECTED] wrote:
Isn't the bannotify only for exception extensions, not
necessarily viruses?
Yes, but the reason that the banned file
I thought on the magistr virus every 5th address was possibly not altered?
Are all the return addresses bad? I have chosen not to skip this one to the sender as
20% of the time it reaches the infected sender. Maybe not exactly 20% but some success
anyway...
On Thursday, April 25, 2002 7:18
ok, but my imail box is no longer listed in the MX records.
On Friday, May 17, 2002 10:49 AM, R. Scott Perry [EMAIL PROTECTED] wrote:
We have an IMGate box setting in front of our IMail box and I am noticing
that the %REMOTEIP% variable is sometimes filled in with the IP of the
Postfix box
I think you hit it on the head
So for the next question: Can you add to
declude virus so I could get the IP of the remote (external) server that delivered
the mail in this case? Or at least add it to the proposed changes? Something like
%2NDREMOTEIP%?
On Friday, May 17, 2002 11:02 AM,
yep, and that's where I'll look :-)
thanks aton Scott again.
On Friday, May 17, 2002 1:44 PM, R. Scott Perry [EMAIL PROTECTED] wrote:
So for the next question: Can you add to
declude virus so I could get the IP of the remote (external) server that
delivered
the mail in this case? Or at
I recently added multiple banext commands to my config file.
I send a message to sender and postmaster when the message is banned. This morning I
had a postmaster message and the message listed no banned extension.
so, I looked at the message in the virus folder and there were 4 attachments
The catch here is that BinHex (Mac encoding) files have the filename within
the encoded segment. So you can have a situation where the MIME filename
is safefile.txt, but the BinHex segment says the filename is
evilvirus.exe (which you won't see, because it is encoded).
ok, so next question... if declude caught the attachment why did it not list with the
%BANEXT% variable? That variable was blank. How would I determine what file
extension was caught. I'm just trying to understand...
On Friday, August 9, 2002 9:17 AM, R. Scott Perry [EMAIL PROTECTED] wrote:
I did not catch that you wanted the message How do I go about taking something
from the virus folder, change the recipient to [EMAIL PROTECTED]?
just copy and change the sender in both files?
On Friday, August 9, 2002 9:54 AM, John Tolmachoff [EMAIL PROTECTED]
wrote:
Scott, please post,
ok scott, I'll get the latest thanks for looking into it.
Insidently, I see that all the time with mac files... spaces at the end pain in the
_ss
On Friday, August 9, 2002 11:18 AM, R. Scott Perry [EMAIL PROTECTED] wrote:
so, I looked at the message in the virus folder and there were
I'm getting them as well and am on version 1.58.
On Monday, September 23, 2002 3:00 PM, Dan Shadix [EMAIL PROTECTED] wrote:
I can't be sure that this is related, but since I've installed 1.61 I
started getting some messages from Amazon.com being caught by BANEXT com
when they don't appear to
on this issue, anyone know of a link that explains the riks of URL types? We ban alot
of these and I'm wondering what the risk is with the URL shortcut... anyone know???
On Friday, September 27, 2002 3:03 PM, Sheldon Koehler [EMAIL PROTECTED] wrote:
example it could be format c:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Bob McGregor
Sent: Friday, September 27, 2002 4:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] banned files
on this issue, anyone know of a link that explains the riks
here is the one I reference:
http://office.microsoft.com/assistance/2000/Out2ksecFAQ.aspx
On Tuesday, January 14, 2003 11:28 AM, [EMAIL PROTECTED] wrote:
Can someone please furnish me the link to the Microsoft page listing the
extensions that should be banned?
Thanks,
Doug McKee
---
[This
is that the option now then? Only use frisk's updater and not a batch scheduled job?
I like the batch proccess as I get an e-mail that I can check to see new definition
files and for success of transfer and install. Maybe the updated does that now too
although I like what I get from my batch
Thanks all for the help. I decided to just go to the frisk web site and download the
new version which indeed updated the fpcmd.exe. I guess I'll change to scheduling the
updater.exe for definitions and just check with frisk for new releases. I appreciate
all the help and suggestions.
Now
a good idea (at least I think so) is to add the %VERSION% variable to the
postmaster.eml sent to your postmaster. That way you always can check what version
you have by looking at one of your postmaster emails.
example:
Declude %VERSION% caught a virus.
bob
On Monday, January 20, 2003 2:54
ok, thanks for the info I'll add it to the skipif list...
bob
On Tuesday, January 28, 2003 2:17 PM, John Tolmachoff [EMAIL PROTECTED]
wrote:
Just want to make sure on this... does this virus forge the sending
address? If so, is
it an address taken from the infected address book like K L E
Z?
, the attachment is not actually there, although the
mime header for it is.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Bob McGregor
Sent: Friday, September
thanks scott, is it on the enhancement request screen or does it not make sense?
On Friday, September 26, 2003 10:11 AM, R. Scott Perry [EMAIL PROTECTED] wrote:
Is there a way with declude virus to delete only specific
received viruses?
No, there is not.
ok not really, but I think is comical.
I get the following as an unsubcribe message fromm a list I never subscribed to...
funny. Look at the body, it definately was from the doom...
it did have the z i p attached with the message sent to me informing me of the
unsubscribe
bob
On Thursday,
Headers:
Received: from yahoo.com [64.108.112.144] by mail.stacy-insurance.com with ESMTP
(SMTPD32-8.05) id A6E770760154; Tue, 13 Apr 2004 10:19:19 -0400
. . .
Bob McGregor wrote:
Greg,
how are you defining the counts inbound/outbound? That would be
nice so you know when it's one of your own
Extensions should get the same treatment,
because these may
be normal user work that is getting trapped or a very new virus.)
Let us know which part you need help with. (lots of folks can help)
Greg
Bob McGregor wrote:
thanks greg, if you are using unxutils, would you mind
sharing
what does the /packed parameter on the scanfile line in the config file do? Is it a
switch that I want on? It's not mentioned in the manual for declude virus.
thanks, bob
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
thanks Bill,
f-prot was the scanner, sorry about that. I'll just leave it in then if it does not
hurt...
bob
On Tuesday, June 8, 2004 10:33 PM, Bill Landry [EMAIL PROTECTED] wrote:
- Original Message -
From: Bob McGregor [EMAIL PROTECTED]
what does the /packed parameter
It appears as though frisk is calling it
Virus Name: : HTML/[EMAIL PROTECTED]
On Monday, August 9, 2004 1:16 PM, Andy Schmidt [EMAIL PROTECTED] wrote:
Hi:
As far as I can tell, it's been discovered by McAfee for a few hours (as
usually is the case, when I see these exchanges on this list)!
Since upgrading to 1.80 I am seeing many more Invalid CPL Vulnerabilities. Is this
just timing or is there something different for these vulnerabilities?
The interesting thing about these is that they are coming from spoofed senders
multiple deliveries at a time.
---
[This E-mail was scanned
strange since I had the interim versions, many of them. I do not remember seeing this
vulnerability especially being spoofed.
I wonder though:
I added a vulnerability.eml
and have
ONLYSENDIFVIRUSNAMEHAS JPEG Vulnerability
I assumed that the virusname would have to have JPEG Vulnerability, both
Just a thought. I produce this list nightly with a batch file with unxtools.
I really like the add I have to tell me if it's an inside machine or outside.
Inside ones show the IP of the sending computer. See the EXE banned at the
bottom.
I'd be happy to share my bat file for this, it does
Just wondering if someone can explain what the HTML / IFrame @ expl
capture from f-prot is?
is it a vulnerability or worse?
thanks, bob
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe,
this is a bit off-topic but
we had one of our servers last night have the ebay spoof page loaded on it.
Anyone have info as to how this gets loaded and, more imporantly how to keep it
from happening?
The only things I found was the htm page that was referenced in the spam e-mail
and a folder
We recently moved from the 1.8x version of declude virus to the new 4.x version
that contains it all.
I have noticed the SURBL has a default weight of 5 and am wondering if
it's effective in increasing this number.
We never had junkmail before so am a bit gunshy of changing the defaults
to
Anyone configured a way to stop some of the pay-pal scam emails?
thanks, bob
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
We have had quite a few people open the ecard messages and are now infected
with this virus.
Anyone know of a freebe that will remove this one? Currently, the only way
we're able to remove it is safe mode and avg.
thanks, bob
---
This E-mail came from the Declude.Virus mailing list. To
: 978.988.1311
E: [EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob
McGregor
Sent: Tuesday, July 24, 2007 12:26 PM
To: Declude-List
Subject: [Declude.Virus] removing js/psyme
We have had quite a few people open the ecard messages
41 matches
Mail list logo